CLAIMS 



What is claimed is: 

1. A method for determining whether to enforce a plurality of filter rules for a
packet including a key in a computer network, each of the plurality of filter rules having a 
priority, the method comprising the steps of: 

(a) accumulating statistics for each of the plurality of filter rules, the statistics 
indicating a frequency of enforcement for each of the plurality of filter rules; and 

(b) placing the plurality of filter rules in an order for testing against the key, the 
order being based on the frequency of each filter rule of the plurality of filter rules. 

2. The method of claim 1 wherein the order is from a higher priority filter rule 
of the plurality of filter rules to a lower priority filter rule of the plurality of filter rules. 

3. The method of claim 1 wherein the ordering step (b) further includes the step
of:

(b1) providing a decision tree for testing the plurality of filter rules, the decision
tree being configured based on the frequency of each of the plurality of filter rules and so 
that the plurality of filter rules can be tested in the order, a first portion of the plurality of 
filter rules having at least one higher priority being placed higher in the tree. 

4. The method of claim 3 wherein the decision tree providing step (b1) further
includes the steps of:

(b1i) rebuilding the decision tree after the expiration of an interval of time.



5. The method of claim 4 wherein the interval of time is determined based on a
determination of how frequently a second portion of the plurality of filter rules is enforced. 

6. The method of claim 5 wherein the interval of time decreases when the first 
portion of the plurality of filter rules are accessed less frequently than a third portion of the 
plurality of filter rules. 

7. The method of claim 4 when the interval of time is determined based on a 
previous interval of time. 

8. The method of claim 4 wherein the computer network further includes a 
network processor and wherein the rebuilding step (b1i) further includes the step of:

(b1i-a) placing the plurality of filter rules in the decision tree based on the priority of
each of the plurality of filter rules and at least one performance factor of the network 
processor. 

9. A system for determining whether to enforce a plurality of filter rules for a 
packet including a key in a computer network, each of the plurality of filter rules having a 
priority, the system comprising: 

at least one network processor for accumulating statistics for each of the plurality of 
filter rules, the statistics indicating a frequency of enforcement for each of the plurality of

RAL920010014US1 17 



filter rules and testing a portion of the plurality of filter rules against the key in an order, the 
order being based on the frequency of each filter rule of the portion of the plurality of filter 
rules; and 

at least one memory for storing the plurality of filter rules. 

10. The system of claim 9 wherein the order is from a higher priority filter rule of
the portion of the plurality of filter rules to a lower priority filter rule of the portion of the 
plurality of filter rules. 

11. The system of claim 9 further comprising:

a decision tree for testing the plurality of filter rules, the decision tree being 
configured based on the frequency of each of the plurality of filter rules and so that the 
network processor tests portion of the plurality of filter rules in the order, a first portion of 
the plurality of filter rules having at least one higher priority being placed higher in the tree. 

12. The system of claim 11 wherein the decision tree is rebuilt after the
expiration of an interval of time. 

13. The system of claim 12 wherein the interval of time is determined based on a
determination of how frequently a second portion of the plurality of filter rules is enforced. 

14. The system of claim 13 wherein the interval of time decreases when the first 
portion of the plurality of filter rules are accessed less frequently than a third portion of the 
plurality of filter rules.



15. The system of claim 12 when the interval of time is determined based on a 
previous interval of time. 

16. The system of claim 12 wherein the plurality of filter rules is placed in the 
decision tree based on the priority of each of the plurality of filter rules and at least one
performance factor of the network processor. 

17. The system of claim 9 wherein the at least one memory includes a fast 
memory and wherein a first portion of the plurality of filter rules are placed in the fast 
memory, each of the first portion of the plurality of filter rules having a higher priority.

18. A switch for use in a computer network, the switch determining whether to 
enforce a plurality of filter rules for a packet including a key, each of the plurality of filter 
rules having a priority, the switch comprising: 

at least one network processor for accumulating statistics for each of the plurality of 
filter rules, the statistics indicating a frequency of enforcement for each of the plurality of
filter rules and testing a portion of the plurality of filter rules against the key in an order, the 
order being based on the frequency of each filter rule of the portion of the plurality of filter 
rules; 

at least one memory for storing the plurality of filter rules; and

a switch fabric coupling the plurality of processors.

19. A computer-readable medium including a program for determining whether
to enforce a plurality of filter rules for a packet including a key in a computer network, each 
of the plurality of filter rules having a priority, the program including instructions for: 

(a) accumulating statistics for each of the plurality of filter rules, the statistics 
indicating a frequency of enforcement for each of the plurality of filter rules; and 

(b) placing the plurality of filter rules in an order for testing against the key, the 
order being based on the frequency of each filter rule of the plurality of filter rules. 

20. The computer-readable medium of claim 19 wherein the order is from a 
higher priority filter rule of the plurality of filter rules to a lower priority filter rule of the 
plurality of filter rules. 

21. The computer-readable medium of claim 19 wherein placing instructions (b)
further includes instructions for:

(b1) providing a decision tree for testing the plurality of filter rules, the decision
tree being configured based on the frequency of each of the plurality of filter rules and so 
that the plurality of filter rules can be tested in the order, a first portion of the plurality of 
filter rules having at least one higher priority being placed higher in the tree. 

22. The computer-readable medium of claim 21 wherein the decision tree 
providing instructions (b1) further includes instructions for:

(b1i) rebuilding the decision tree after the expiration of an interval of time.

23. The computer-readable medium of claim 22 wherein the interval of time is
determined based on a determination of how frequently a second portion of the plurality of 
filter rules is enforced. 

24. The computer-readable medium of claim 23 wherein the interval of time 
decreases when the first portion of the plurality of filter rules are accessed less frequently 
than a third portion of the plurality of filter rules. 

25. The computer-readable medium of claim 22 when the interval of time is 
determined based on a previous interval of time. 

26. The computer-readable medium of claim 22 wherein the computer network 
further includes a network processor and wherein the rebuilding instructions (b1i) further
includes instructions for:

(b1i-1) placing the plurality of filter rules in the decision tree based on the priority of
each of the plurality of filter rules and at least one performance factor of the network 
processor. 

27. A method for determining whether to enforce a plurality of filter rules for a 
packet including a key in a computer network, each of the plurality of filter rules having a 
priority, the method comprising the steps of: 

(a) accumulating statistics for each of the plurality of filter rules, the statistics 
indicating a frequency of enforcement for each of the plurality of filter rules; and

(b) testing a portion of the plurality of filter rules against the key in an order, the
order being based on the frequency of each filter rule of the portion of the plurality of filter 
rules. 